Forum Discussion
Graph Security API - Specific service permissions?
We have configured our application and granted "SecurityEvents.ReadAll" permissions to be able to pull alerts, and we can see alerts from Sentinel,Security Center, Microsoft 365 Alerts and so forth. From my research it seems the scope for Graph permissions are the following. Is it possible to limit an application to pull ONLY Security Center or Sentinel alerts?
Permission Entity Supported requests
| SecurityActions.Read.All | • securityActions (preview) | GET |
| SecurityActions.ReadWrite.All | • securityActions (preview) | GET, POST |
| SecurityEvents.Read.All | • alerts • secureScores • secureScoreControlProfiles | GET |
| SecurityEvents.ReadWrite.All | • alerts • secureScores • secureScoreControlProfiles | GET, POST, PATCH |
| ThreatIndicators.ReadWrite.OwnedBy | • tiIndicator (preview) | GET, POST, PATCH, DELETE |
PS I know you can filter them out, but I want to limit the applications from being able to pull them in the first place.
No RepliesBe the first to reply
